Description
Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35 allows remote database servers to cause a denial of service (crash) and possibly execute arbitrary code via a long server version string.
References (15)
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/90901
Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1054592
Patch, Vendor Advisory x_refsource_confirm
https://mariadb.com/kb/en/mariadb-5535-changelog/
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1029708
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/52161
Not Applicable x_refsource_confirm
http://bazaar.launchpad.net/~maria-captains/maria/5.5/revision/2502.565.64
Broken Link vdb-entry x_refsource_osvdb
http://www.osvdb.org/102714
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2014-0186.html
Broken Link vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2014:029
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/65298
Broken Link vdb-entry x_refsource_osvdb
http://osvdb.org/102713
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2014-0173.html
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2014-0189.html
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2014-0164.html
Patch, Third Party Advisory, VDB Entry vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-201409-04.xml
Scores
EPSS: 0.2069
EPSS Percentile: 95.7%
Details
CWE: CWE-119
Status: published
Products (49)
mariadb/mariadb < 5.5.34
oracle/mysql 5.5.0
oracle/mysql 5.5.1
oracle/mysql 5.5.2
oracle/mysql 5.5.3
oracle/mysql 5.5.4
oracle/mysql 5.5.5
oracle/mysql 5.5.6
oracle/mysql 5.5.7
oracle/mysql 5.5.9
... and 39 more
Published: Jan 31, 2014
Tracked Since: Feb 18, 2026